Cisco ASA 5506x Switch Port Configuration with ASDM

Beginning with ASA OS v9.7, the 5506-X has a new default configuration that allows the ports to be used as switchports, similar to how the 5505 models worked. The default configuration includes a Bridge Virtual Interface (BVI) that has ports G1/2 - G1/7 (6 ports) as members of the BVI. This will apply to models that ship with 9.7 code. However, if you upgrade a device to 9.7, you will have to manually create the BVI group (the upgrade itself does not do this).

Even though the BVI supports up to 6 ports in the BVI, if you try to configure this via ASDM, it only allows you to add 4 ports as members. This actually is a restriction when running the ASA in transparent mode (we rarely do this) instead of routed mode (typical install), but ASDM seems to ignore the mode and apply this restriction regardless. So for an ASA in routed mode, this seems to be an ASDM bug. To work around this, you must add the member ports via the CLI. In addition, the ports cannot have a name defined before you configure the bridge group. However, they must have the naming convention inside1, inside2, etc. to work as part of the BVI group named inside. The default is to assign the members of BVI1 (G1/2 - G1/8) the names inside1 - inside7. The BVI interface is named inside.

Also, the http and ssh commands don't allow you to assign the BVI named interface (inside). Instead, you must add the member name (ex. inside1, inside2, etc.). The snmp-server command actually does allow you to add the BVI interface name, but it doesn't work when you do (seemingly another bug). So again, you'll need to use the member port name instead.

Networking Cisco ADSM ASA